This is my problem. We have this website that is run on two web applications. The first web application hosts the home page and clicking certain links in the home page would forward it to pages of the second web application where certain functionalities can be done. Now, there has been an initiative to redesign the site to have a login page and only logged in users could browse it. This would mean a login page being created in the first app, and when links to the second application are clicked, the pages are supposed to forward to it with the same session of the user that logged in.
What do you mean by "enough security"? What kinds of attacks (and which attackers) are you trying to guard against?
Joined: Aug 11, 2005
From hackers who could possibly bypass the login and enter the site or from XSS attacks
Joined: Mar 22, 2005
If by "enter the site" you mean via HTTP, I think that risk is small if you use the container's built-in authentication mechanism to secure the web apps (and use strong passwords as well as SSL where appropriate). Against an attacker gaining system-level access (possible even root access), most bets are off, but it doesn't sound like that's the kind of threat you're concerned about.